이상한 오류가 발생합니다. Shiro LDAP에 유효한 사용자/암호를 전달하면 모두 정상 동작합니다. 그러나 조합이 유효하지 않은 경우 예외가 발생하고 Shiro 영역(realm) 코드 안에서 계속 반복(루프)합니다. 디버거에서 보면, 제가 재정의(override)한 메서드 하나를 제외하고는 계속 Shiro 코드 안에 머물러 있습니다. Authentication 실패 시 Shiro LDAP 영역을 반복합니다.
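/**
 * LDAP realm that authenticates a user by opening an LDAP context with the submitted
 * principal and credentials.
 *
 * <p>A context that opens without error is treated as proof that the credentials were valid.
 * That assumption only holds when a password was actually presented: a simple bind that
 * carries a DN but an empty password is an "unauthenticated bind" (RFC 4513), which some
 * directory servers accept. This class therefore rejects missing or empty credentials before
 * any context is requested.
 */
public class MyJndiLdapRealm extends JndiLdapRealm {

    public MyJndiLdapRealm() {
        super();
    }

    /**
     * Authenticates {@code token} by asking {@code ldapContextFactory} for a context bound with
     * the token's principal and credentials.
     *
     * @param token the submitted authentication token
     * @param ldapContextFactory factory used to open the LDAP context
     * @return the authentication info built by {@code createAuthenticationInfo} once the context
     *     has been opened
     * @throws NamingException if the credentials are missing or empty, or if the context cannot
     *     be opened (for example because the directory rejected the bind)
     */
    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token,
            LdapContextFactory ldapContextFactory) throws NamingException {
        Object credentials = token.getCredentials();

        // Fail closed on an empty password instead of relying on the directory server to
        // refuse it. NOTE(review): the configured context factory may already perform this
        // check in some Shiro versions; confirm, but keep the guard as defence in depth.
        if (isEmptyCredential(credentials)) {
            throw new javax.naming.AuthenticationException(
                    "LDAP simple authentication requires non-empty credentials.");
        }

        // getLdapPrincipal is inherited; presumably it expands the submitted username with the
        // realm's userDnTemplate - verify against the Shiro version in use.
        Object principal = getLdapPrincipal(token);

        LdapContext ctx = null;
        try {
            ctx = ldapContextFactory.getLdapContext(principal, credentials);
            // The context opened, so the directory accepted the (non-empty) credentials.
            return createAuthenticationInfo(token, principal, credentials, ctx);
        } finally {
            // Always release the context, including when the bind fails and ctx is still null.
            LdapUtils.closeContext(ctx);
        }
    }

    /** Returns true when the credential is null or a zero-length char[], byte[] or string. */
    private static boolean isEmptyCredential(Object credentials) {
        if (credentials == null) {
            return true;
        }
        if (credentials instanceof char[]) {
            return ((char[]) credentials).length == 0;
        }
        if (credentials instanceof byte[]) {
            return ((byte[]) credentials).length == 0;
        }
        if (credentials instanceof CharSequence) {
            return ((CharSequence) credentials).length() == 0;
        }
        // Any other credential type is passed through unchanged to the context factory.
        return false;
    }
}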
<!-- Shiro web filter: binds the security manager to the servlet filter chain and declares
     which Shiro filters guard which URL patterns. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- NOTE(review): loginUrl, unauthorizedUrl and successUrl all point at /ldapLogin, so a
     failed login, a denied request and a successful login all land on the same page.
     Confirm this is intended; it makes a redirect cycle hard to tell apart from a real
     failure when debugging. -->
<property name="loginUrl" value="/ldapLogin"/>
<property name="unauthorizedUrl" value="/ldapLogin"/>
<property name="successUrl" value="/ldapLogin"/>
<!-- Chain definitions are matched in declaration order and the first matching pattern wins.
     "/**" requires HTTPS on port 8443 (ssl[8443]), then the authc filter, then
     customAuthFilter. customAuthFilter is not defined in this listing; presumably it is a
     Filter bean declared elsewhere.
     NOTE(review): "/logout = logout" sits under a [main] header, not [urls], and comes after
     "/**". It looks like the logout chain is never applied; verify, and if logout must work,
     place "/logout = logout" above "/**" inside the [urls] section. -->
<property name="filterChainDefinitions">
<value>
[urls]
/** = ssl[8443],authc, customAuthFilter
[main]
/logout = logout
</value>
</property>
</bean>
<!-- Security manager: authenticates against three realms. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- NOTE(review): the third reference names a bean "DbAuthorizingRealm", but the only
     matching bean visible in this listing is declared with id "SwiDbAuthorizingRealm".
     Confirm the ids agree, otherwise the context cannot resolve this reference. -->
<property name="realms">
<list>
<ref bean="authenticateLdapRealm"/>
<ref bean="authenticateDbRolesRealm"/>
<ref bean="DbAuthorizingRealm"/>
</list>
</property>
<!-- AllSuccessfulStrategy: a login succeeds only if every configured realm that supports the
     token authenticates it, so a failure in any one of the three realms fails the whole
     attempt. -->
<property name="authenticator.authenticationStrategy">
<bean class="org.apache.shiro.authc.pam.AllSuccessfulStrategy"/>
</property>
</bean>
<!-- Runs Shiro's init/destroy lifecycle callbacks on Shiro beans managed by Spring. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- LDAP realm (the custom MyJndiLdapRealm subclass) and the context factory it binds with.
     NOTE(review): userDnTemplate places the submitted username into the bind DN at {0}.
     Confirm that usernames containing DN special characters (for example "," or "=") are
     rejected or escaped before they reach the realm. -->
<bean id="authenticateLdapRealm" class="security.MyJndiLdapRealm">
<property name="contextFactory" ref="contextFactory" />
<property name="userDnTemplate" value="cn={0},ou=REMOTE,o=OFF" />
</bean>
<!-- NOTE(review): the URL uses the ldap:// scheme on port 389 and no TLS setting is visible
     in this listing, so the user's password would cross the network unencrypted during the
     bind unless StartTLS is configured elsewhere. Prefer an ldaps:// endpoint (or StartTLS)
     with certificate validation for a realm that authenticates by simple bind. -->
<bean id="contextFactory" class="org.apache.shiro.realm.ldap.JndiLdapContextFactory">
<property name="url" value="ldap://172.25.3.91:389"/>
</bean>
<!-- Database-backed realms; no properties are set here, so any data source wiring must
     happen inside the classes or elsewhere in the configuration. -->
<bean id="authenticateDbRolesRealm" class="security.DbRolesRealm">
</bean>
<!-- NOTE(review): this id is "SwiDbAuthorizingRealm", while the securityManager realm list
     refers to "DbAuthorizingRealm"; confirm which name is correct. -->
<bean id="SwiDbAuthorizingRealm" class="security.DbAuthorizingRealm">
</bean>
<!-- Enables Shiro's authorization annotations on Spring-managed beans: the auto-proxy creator
     applies the advisor, and the advisor checks annotated methods against the security
     manager. depends-on makes the lifecycle post-processor initialise first. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>